For future reference: if the last time that system had been updated was in March of 2021, the signature keys available to the system would have been too old to verify newer packages. Those keys can expire as soon as 6 months after being released (although usually longer).
Disabling all key signature validation works (as you discovered), but is not recommended for most of the updates.
A less drastic approach would have been to disable the key signature verification, update only the keyring packages, then re-enable the verification. I’ve explained how to do this in a previous post.
There is also a script I’ve written that you might be interested in. It incorporates that fix, along with other manual package changes I’ve come across. I frequently test it against older installs to better automate the update process for those (not officially supported by manjaro devs, use at your own risk, etc, etc). In the event that you need to update another older install, the list of manual changes can be a good reference.